Lucene search

[email protected]CVE-2016-10107

HistoryJan 03, 2017 - 6:59 a.m.

CVE-2016-10107

2017-01-0306:59:00

CWE-77

[email protected]

web.nvd.nist.gov

cve

command injection

remote exploit

unauthenticated

nas

western digital

mycloud

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

Affected configurations

NVD

Node

western_digitalmycloud_nasMatch2.11.142

CPENameOperatorVersion
western_digital:mycloud_naswestern digital mycloud naseq2.11.142

CPE	Name	Operator	Version
western_digital:mycloud_nas	western digital mycloud nas	eq	2.11.142

References

www.securityfocus.com/bid/95201

www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2016-10107

prion1 nvd1 cvelist1 openvas2 threatpost1